of company Tremol Ltd.
Information about us
"Tremol" Ltd. is a company registered in the Commercial Register, V.A.T. 104593442, with headquarters in town Veliko Tarnovo and seated at 10 Asti str., Veliko Tarnovo 5000, Bulgaria
Our primary purpose in dealing with personal data
We process your personal data in order to provide you and your business with better, more quality and more varied services. We continually strive to improve our service and technical parameters of the company products.
The security of the data you entrust to us is very important to us. It is very important for the success of our business and for our public image. That is why we protect your data by applying all appropriate technical and organizational measures at our disposal to prevent unauthorized access, unauthorized or malicious use, loss or premature deletion of information.
We collect and process personal data only subject to the requirements of local and European law. We understand that processing your data is for a specific reason and can not be done without limitation.
Principles of processing personal data
The processing of personal data shall be managed in accordance with the principles for protection of personal data set out in Article 5 of Regulation (EC) 2016/679.
Company Tremol Ltd. applies the following principles when processing personal data:
· Personal data are processed legally, in good faith and transparently.
· Personal data is collected only for specific, explicit, and legitimate purposes.
· The personal data that are processed must be adequate, relevant, limited to what is necessary in terms of their processing for the specific purpose.
· Personal data must be accurate and updated at all times. All reasonable steps shall be taken to ensure the timely erasure or correction of inaccurate personal data.
· Personal data is stored in such a form that the data subject can only be identified for as long as necessary for the processing.
· Personal data is processed in a way that ensures appropriate security.
· Compliance with the principle of accountability.
How and why we use your personal information
To perform a contract or in the context of pre-contractual relationships we process your identification and other personal data, in order to provide the products and services you have requested and that you use with us both to perform the contractual and pre-contractual obligations and to apply the rights related to the contracts between us.
Processing is done with the purpose to:
- identify the customer through all channels;
- manage and execute your requests for products or services;
- execute contracts for product and services;
- prepare proposal for a contract;
- prepare and send an account/Invoice for the products and/or services you use with us;
- provide you with the full required servicing, as well as to collect the due amounts for the products and services used;
- provide subscription services of purchased products, in order to ensure quality services as per agreed;
- perform any technical assistance to support the products and services provided;
- make proposals for contracts outside our offices, send courier services with pre-negotiated information and draft contracts, manage a transaction denial;
- notify about everything related to the products and services you use with us, send various notifications about problems, errors, or respond to requests, complaints and suggestions;
- compile aggregated statistical information about our sales, services, clients, which we can also provide to third parties, etc;
- analyze customer history and create a profile to determine the right offer for you;
- identify and/or prevent unlawful actions or actions inconsistent with our terms and conditions for the respective products and services;
- your billing/Invoice data is handled by us for purposes that are consistent with the original purpose of collecting, in order to have an overview of our products and services;
- make processing by data processor upon signing of contract, assigning, reporting, acceptance, payment;
- perform warranty and service maintenance of devices;
To meet regulatory obligations
We process your identification data in order to comply with obligations provided for in a Regulation, for example:
- execution of sales obligations outside the POS, provided for by the Consumer Protection Act;
- provision of information to the Consumer Protection Commission or third parties, provided for in the Consumer Protection Act;
- provision of information to the Commission for protection of personal data, in relation to obligations under the regulation for protection of personal data - Data Protection Act, Regulation (EC) 2016/679 dated 27 April 2016, etc .;
- obligations stipulated in the Accountancy Act and the Tax and Social Insurance Procedure Code and other related normative acts, in relation to the keeping of proper and lawful accounting;
Upon your consent
In some cases, we process your personal data only upon your prior written consent. The consent is a separate base for processing of your personal data and the purpose of processing is specified therein and is not covered with the objectives listed in this policy. In case you give us specific consent and until its withdrawal or termination of any contractual relations with you:
- we prepare appropriate suggestions for our products/services by making detailed analyzes;
- partners of the company prepare for you the right product/service suggestions;
Basic personal data include names, PIN, and address (permanent address).
Advanced analytics is an analysis method that allows processing of large volumes of data through statistical models and algorithms and others, which include the use of network and personal data as well as processes of their aliasing and anonymizing, in order to retrieve information about trends and different statistical indicators.
Partners are the companies with whom we have partnership agreements and offer a variety of products and services.
Consumption data - summarized data on the consumption of our services, including type of service, total number and duration of use.
The provided consent for personal data may be withdrawn at any time. Withdrawal of consent will not affect the performance of our contractual obligations. If you withdraw your consent for processing of your personal data for any or all of the methods described above, we will not use your personal information and information for the purposes set forth above. Withdrawal of consent does not affect the lawfulness of consent-based processing prior to its withdrawal.
When you give us your consent for data processing, this consent applies to all products and services you use.
To withdraw the consent you only need to visit our offices, website or contact details.
In terms of our legitimate interest
We use your identification data with our legitimate interest to perform a basic analysis of your data, in order to adapt the services we offer to your individual needs and to offer you new services that will satisfy them.
Processing of anonymized data
We process your traffic data for statistic purposes, that means for analyzes where the results are only generalized and therefore the data is anonymous. Identifying a specific person based on this information is impossible.
What data we process:
- full name, PIN and permanent address;
Information about the type and content of the contractual relationship, as well as any other information related to the contractual relationship, including:
- Call records that are made from and to our contact centers and are aimed at improving the services.
- emails, letters, information about your troubleshooting requests, complaints, petitions;
- other feedback we receive from you;
- personal contact details - contact address, phone number and contact information (email, phone number);
- video recordings made to improve the security of our offices;
- preferences for the services we provide you;
- credit or debit card information, bank account number, or other bank and payment information related to your payments;
When processing your basic personal data and other specified data for the purpose of providing products and services, their payment, for processing your service requests, and in order to fulfill our statutory obligations, such processing is required to fulfill these objectives. Without this data, we could not provide the relevant services. In case you do not provide us with identification data, we will not be able to conclude a product or service contract with you.
Why and how we use automated algorithms
For the processing of your personal data, we use partially automated algorithms and methods to permanently improve our products and services, to adapt our products and services to your needs in the best possible way or for calculation. This process is called profiling.
How we protect your personal information
To ensure adequate data protection for the company and its customers, we apply all necessary organizational and technical measures provided for in the Personal Data Protection Act.
The company has created a structure to prevent abuse and security breaches.
For the sake of maximum security when processing, transferring and storing your data, we may use additional security mechanisms such as encryption, pseudonymisation, and more.
When do we delete your personal information
As a rule, we discontinue the use of your personal data for contract-related purposes after the termination of the contract, but we do not delete them before the expiration of one year from the termination of the contract or until the final settlement of all financial obligations and the expiry of the statutory obligations to store this data, such as liabilities (6 months) under the Accountancy Act for the storage and processing of accounting data (11 years), expiry of the statutory deadlines set in the Law for Obligations and Contracts for claims (5 years) and other situations under the current legislation (5 years). We will not delete or anonymize your personal data if it is necessary for a pending court case, administrative procedure or proceeding of your complaint toward us.
Your data can also be anonymized. Anonymisation is an alternative to data deletion. In anonymization, any personal identifiable elements / elements that allow your identification are irrevocably deleted. For anonymized data there is no legal obligation to be deleted, because it is not personal data.
When and why we share personal data with third parties
We provide your personal information to third parties, and our primary purpose is to offer you high quality, rapid and comprehensive service by taking care of the products and services we offer to meet your expectations. We do not provide your personal data to third parties before we are sure that all technical and organizational measures have been taken to protect this data, and we strive to carry out strict controls to meet this objective. In this case, we remain responsible for the confidentiality and security of your data.
We provide personal data to the following categories of recipients (administrators of personal data):
Persons processing data on our behalf:
- debt collection and / or debt collection companies - debt collection agencies, credit agencies which, through collateral or other means, service and recover of receivables;
- postal operators for the purpose of sending packages containing contracts, additional agreements and other documents and the need to identify the person by receipt;
- our distributors and agents acting as representatives of the company in the sales of our services and products;
- persons who are assigned to maintain equipment, software and hardware used for processing of personal data that are necessary to build the company's network and to perform various reporting, payment services and products, technical support, etc .;
- persons providing service support for end users’ devices; call centers that assist us in the sale of products and services and in servicing of subscribers before and during the period of contractual relationship;
- persons employed in the company under a civil contract, assisting the processes of sales, logistics, delivery, etc .;
- bodies, institutions and persons to whom we are obliged to provide personal data under the current legislation;
- providers of electronic authentication services when a document related to the provision of a product or service is signed with an electronic signature;
- other providers of electronic communications services in the case of portability of numbers;
- banks for servicing the payments made by you;
- security companies holding a license to perform private security activities related to the processing of video recordings in our sites and / or the provision of admission regime in our buildings;
- persons providing services for the organization, storage, indexing and destruction of archives in paper and / or electronic form;
- Persons performing consultancy services in different areas.
Persons processing data in their own name
- cessionaries - a party to cession contracts with whom we transfer (sell) your outstanding obligations;
- competent authorities that in the force of enactment, have the power to require the provision of information, including personal data, such as courts, prosecutors, various regulatory bodies such as the Consumer Protection Commission, the Data Protection Commission, entities with enforcement to protect the national security and public order;
Your rights in relation to the processing of your personal data
Right to information:
You have the right to request:
- information on whether data relating to you are being processed, information for the purpose of such processing, the categories of data and the recipients or categories of recipients to whom the data are disclosed;
- a message in comprehensible form containing your personal data that are being processed as well as any available information about its source;
- information on the logic of any automated processing of personal data that is relevant to you, at least in the cases of automated solutions.
Right of correction:
In case we process incomplete or error data, you have the right at any time to request:
- to delete, correct or block your personal data, the processing of which does not meet the requirements of the law;
- to notify third parties to whom personal data has been disclosed of any erasure, correction or blocking, except cases when this is impossible or related to excessive effort.
Right of objection:
You have the right at any time:
- To object against the processing of your personal data, provided there is a legitimate reason for doing so; where the opposition is justified, the personal data of the individual concerned can no longer be processed;
- To object against the processing of your personal data for direct marketing purposes.
Right to limit the processing:
You may request a limitation for the processing of personal data if:
- You dispute the correctness of data for the period we must verify its accuracy; or
- the processing of the data is without legal basis, but instead of deleting it, you want its limited processing; or
- we no longer need these data (for the intended purpose), but you need them for the establishment, exercise or protection of legal claims; or
- You file an objection against the data processing, pending for verification that the basis of administrator are legal.
Right to appeal:
In the case you think that we violate the applicable legal framework, please contact us to clarify the matter. Of course, you have the right to file a complaint with the Personal Data Protection Commission. After May 25, 2018, you will be able to file a complaint with a regulatory body within the EU.
Please inform other users if they use services purchased by you (such as staff or family members) about the processing and transfer of your data.
Requests for access to information or for correction are filed in person or by an explicitly authorized person by a notarized power of attorney. Request may also be made electronically, in accordance with the Act for Electronic Document and Electronic Signature.
We will give our statement on your request within 14 days of its filing. By objectively longer period needed - in order to collect all the requested data and that seriously impedes our activity, this period may be extended to 30 days. With our decision we give or deny access and / or the information requested by the applicant, but we always motivate our response.
Updates and policy changes